1.1. Ltd RITG (hereinafter the Company) Personal Data Processing
Policy contains information on the applicable requirements to personal data
processing and protection.
1.2. The Policy is developed in line with the requirements of the
Convention for the Protection of Individuals with regard to Automatic
Processing of Personal Data of the Council of Europe, the Constitution of
the Russian Federation, international agreements of the Russian Federation,
federal laws and other regulatory legal acts of the Russian Federation
related to personal data.
1.3. The purpose of this document is to inform the personal data owners and
other persons engaged in personal data processing of Ltd RITG’s
adherence to the fundamental principles of legitimacy, justice,
non-redundancy, correlation of the content and scope of the personal data
processed to the declared processing purposes.
1.4. Protection of rights and freedoms of an individual as part of personal
data processing, including protection of rights to privacy, personal and
family secrets is one of the Company’s priorities.
1.5. The Policy covers all personal data processed in the Company and
constitutes a public document.
2.1. Personal data are processed by the Company in view of the processing
2.1.1. With consent of personal data owners to their personal data
2.1.2. For the purpose of compliance with the laws of the Russian
Federation, international agreements of the Russian Federation, decrees by
the RF Government and other regulatory legal acts of the Russian
2.1.3. For the purpose of agreement execution whose Party, beneficiary or
guarantor is represented by the personal data owner, including the cases
when the Company realizes its right to cession of rights (claims) under
3.1. Personal data are processed in the Company either with application of
automation technologies, including information personal data systems, or
without them (mixed personal data processing).
3.2. Should the automated data processing method be used, personal data are
transmitted via the Company’s internal network and via Internet, i.
e., information and telecommunication network.
3.3. Personal data are processed for the following purposes:
3.3.1. Rendering assistance to the employees and candidates in employment,
training and career development, quantity and quality control of the work
performed, compliance with the labor legislation and other regulations
containing the norms of labor legislation;
3.3.2. Provision of social benefits and guarantees, personal safety or
protection of other vital interests of the Company’s employees and
their family members;
3.3.3. Conclusion and execution of civil law contracts, including service
3.3.4. Compliance with the RF laws on joint-stock companies, information
3.3.5. Compliance with antitrust legislation;
3.3.6. Compliance with the securities legislation;
3.3.7. Protection of rights and legal interests of the Company, and those
of their officers in court, dispute settlement and administrative
3.3.8. Preparation of statements or requests, notifications, etc. provided
for by the legislation to be submitted to the Pension Fund of the Russian
Federation, Social Insurance Fund of the Russian Federation, Federal
Compulsory Medical Insurance Fund, Federal Tax Service and other state
bodies and services;
3.3.9. Consolidation of statistic data and figures;
3.3.10. Conduct of inspections and audits in the Company;
3.3.11. Organizing access and on-site control in the administrative
buildings of the Company, property protection;
3.3.12. Keeping corporate phone and other information books, publications
at in-house portals, recognition boards and in public personal data
3.3.13. Fulfillment of other obligations as part of the legal grounds
specified in cl. 2.1 hereof.
4.1. Personal data shall not be processed until the legal grounds for
personal data processing outlined in cl. 3 hereof arise.
4.2. Personal data processing shall be suspended as soon as processing
purposes are achieved, legal grounds for data processing cease to exist,
and the document storage period, provided for by the legislation on
archive-keeping in the Russian Federation and the local regulations of Ltd
4.3. Upon processing period expiration the personal data are either
destroyed or depersonalized to be used for statistical or other research
5.1. The personal data owner shall be entitled to be informed of his/her
personal data processing within the time period and according to the
procedure provided for by the Federal law.
5.2. The personal data owner shall be entitled to require adjustment of
his/her personal data from the Company, their blocking or destruction,
provided that the personal data are incomplete, outdated, inaccurate,
illegally obtained or are not necessary for the declared processing
purpose; the data owner shall have the right to take the measures provided
for by the Federal law to protect his/her rights.
5.3. The access rights of the personal data owner to his/her personal data
can be limited in accordance with the Federal law.
5.4. The personal data owner shall be entitled to challenge the actions or
failure to act on the part of the Company by filing a petition to the
authorized body for protection of personal data owner rights or by legal
5.5. The personal data owner shall be entitled to protect his/her rights
and legal interests, including reimbursement of expenses and (or)
compensation for moral injury by legal means.
6.1. In the course of personal data processing the Company shall take
required legal, organizational and technical measures to protect the
personal data from unlawful or accidental access, destruction, adjustment,
blocking, copying, submission, sharing or other unlawful actions with
regard to the personal data.
6.2. The personal data shall be protected by means of the following:
6.2.1. Appointment of persons responsible for organizing personal data
processing and personal data safety;
6.2.2. Issuance of local regulations on personal data processing and
protection focused on prevention and tracing violations of the RF laws,
elimination of respective consequences;
6.2.3. Making a list of positions that require personal data processing of
the persons filling such positions;
6.2.4. Conduct of trainings, rendering methodological support, informing,
against signature, the employees engaged in personal data processing of the
fact of their participation in personal data processing, as well as of the
rules for personal data processing and protection set by the regulatory
legal acts of the executive bodies and the local regulations of Ltd
6.2.5. Registration and recording of operations with personal data;
6.2.6. Keeping records of personal data owners’ appeals and their
6.2.7. Transmission of personal data within the Company solely among the
persons holding the positions included into the list of positions that
require personal data processing of the persons filling such positions;
6.2.8. Identifying threats to personal data safety while they are processed
within the information personal data systems, development, if appropriate,
a personal data protection system while they are processed within the
information personal data systems and setting access rules to personal
6.2.9. Tracing cases of unauthorized access to personal data and taking
6.2.10. Regular control over compliance of the personal data protection
measures taken with the RF legislation on personal data and applicable
local regulatory acts adopted in pursuance of the said legislation.
According to the applicable RF legislation the Company’s employees
engaged in personal data processing shall bear disciplinary, civil,
administrative or criminal responsibility for violation of personal data
processing rules and requirements to personal data protection.